allow requesting a certificate for autodiscover.<domain>, but don't recommend a DNS record that would make requests to it.

this may help testing again in the future. autodiscover with outlook is not working now.
2024-12-26 16:33:47 +03:00 · 2023-02-03 17:53:45 +01:00 · 2023-02-03 17:53:45 +01:00 · ae60cdac7e
commit ae60cdac7e
parent c21b8c0d54
2 changed files with 13 additions and 4 deletions
--- a/http/autoconf.go
+++ b/http/autoconf.go
@ -150,6 +150,10 @@ func autoconfHandle(l config.Listener) http.HandlerFunc {

 // Autodiscover from Microsoft, also used by Thunderbird.
 // User should create a DNS record: _autodiscover._tcp.<domain> IN SRV 0 0 443 <hostname or autodiscover.<domain>>
+// In practice, autodiscover does not seem to work (any more). A connectivity test
+// tool for outlook is available on https://testconnectivity.microsoft.com/, it has
+// an option to do "Autodiscover to detect server settings". Incoming TLS
+// connections are all failing, with various errors.
 func autodiscoverHandle(l config.Listener) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		log := xlog.WithContext(r.Context())
--- a/mox-/config.go
+++ b/mox-/config.go
@ -193,14 +193,19 @@ func (c *Config) allowACMEHosts() {
 		for _, dom := range c.Dynamic.Domains {

 			if l.AutoconfigHTTPS.Enabled {
-				d, err := dns.ParseDomain("autoconfig." + dom.Domain.ASCII)
-				if err != nil {
+				if d, err := dns.ParseDomain("autoconfig." + dom.Domain.ASCII); err != nil {
 					xlog.Errorx("parsing autoconfig domain", err, mlog.Field("domain", dom.Domain))
-					continue
-				}
+				} else {
 					m.AllowHostname(d)
 				}

+				if d, err := dns.ParseDomain("autodiscover." + dom.Domain.ASCII); err != nil {
+					xlog.Errorx("parsing autodiscover domain", err, mlog.Field("domain", dom.Domain))
+				} else {
+					m.AllowHostname(d)
+				}
+			}
+
 			if l.MTASTSHTTPS.Enabled && dom.MTASTS != nil {
 				d, err := dns.ParseDomain("mta-sts." + dom.Domain.ASCII)
 				if err != nil {